def readSyscall(self, regs):
# Read syscall number
if CPU_PPC:
self.syscall = regs.gpr0
elif RUNNING_LINUX:
if CPU_X86_64:
self.syscall = regs.orig_rax
else:
self.syscall = regs.orig_eax
else:
self.syscall = regs.eax
# Get syscall variables
self.name = SYSCALL_NAMES.get(self.syscall, "syscall<%s>" % self.syscall)
def readSyscall(self, regs):
# Read syscall number
if CPU_POWERPC:
self.syscall = regs.gpr0
elif RUNNING_LINUX:
if CPU_X86_64:
self.syscall = regs.orig_rax
else:
self.syscall = regs.orig_eax
else:
self.syscall = regs.eax
# Get syscall variables
self.name = SYSCALL_NAMES.get(self.syscall,
"syscall<%s>" % self.syscall)
def trace(pid):
ptrace_attach(pid)
if wait_status() == -1:
return -1
print "-- start traceing %d ..." %pid
while True:
ptrace_syscall(pid)
if wait_status() == -1:
ptrace_detach(pid)
return -1
regs = ptrace_getregs(pid)
res = SYSCALL_NAMES.get(regs.orig_rax)
if res == "clone" or res == "fork" or res == "vfork" or res == "execve":
limit = resource.getrlimit(resource.RLIMIT_NPROC)
if regs.rax > 0 and regs.rax < limit[1]:
print "create new child: %s" %regs.rax
return 0
def readSyscall(self, regs):
# Read syscall number
self.syscall = getattr(regs, SYSCALL_REGISTER)
# Get syscall variables
self.name = SYSCALL_NAMES.get(
self.syscall, "syscall<%s>" % self.syscall)
def readSyscall(self, regs):
# Read syscall number
self.syscall = getattr(regs, SYSCALL_REGISTER)
# Get syscall variables
self.name = SYSCALL_NAMES.get(self.syscall, "syscall<%s>" % self.syscall)
